Automotive and Engineering

Vehicle security is about much more than just physical security. With vehicles integrating increasingly intelligent technology, connected vehicle cyber security testing is now a mandatory requirement for each and every automotive manufacturer.

Vehicle cyber security issues can be significant and in many cases impact personal safety. Criminals are using increasingly sophisticated attacks to steal vehicles, and compromise systems, privacy and safety. 

Modern vehicles offer many entry points for an attacker. USB connections, connected entertainments systems, advanced navigation capabilities, wireless systems and mobile apps all represent security risks which offer the opportunity for vehicles to be compromised both locally and remotely. 

Addressing GDPR in connected vehicles

Connected vehicles often measure and store telemetry which includes personal data and mobile applications invariably have vehicle tracking capabilities.  It's likely that such data will be in scope for the upcoming General Data Protection Regulation (GDPR), meaning a vehicle breach could have significant repercussions for the manufacturer. 

Standards for Vehicle Cyber Security

There are currently no commonly accepted standards for vehicle cybersecurity, however, this is likely to change. 

Nettitude, a member of the Lloyd’s Register group, are closely following ISO 26262.  This standard is titled “Road Vehicles – Functional Safety” and applies to the functional safety of electric systems in production automobiles.  It is likely that version two of the standard, which is in development, will address the issue of cybersecurity.

Likewise, J3061 by SAE is a standard in development for cyber-physical vehicle systems which Nettitude consider to be a useful resource.

Between these work in progress standards and Nettitude's own experience and expertise, the Lloyd’s Register group is able to provide leading connected vehicle assurance services.

Connected vehicle cybersecurity services

Nettitude has a wealth of experience assessing the security posture of a connected vehicle.  Specifically, we focus on:

- Design flaws

- Specification flaws

- Implementation flaws

The approach varies depending on the requirement, but we recommend including all components of the connected vehicle system, assessing:

- Dynamic analysis, including fuzzing and manual probes

- Static analysis, including code review and coding standard review

- Unit testing, hardware testing, integration testing

- Using a white box approach where maximum information sharing occurs

This mix of architectural, procedural and implementation reviews allows maximum levels of assurance. Nettitude has discovered critical vulnerabilities in connected vehicle systems and has worked with global automotive manufacturers for a number of years.

IATF 16949:2016 Certification

For the automotive and engineering sectors, where safety and quality are basic requirements, IATF 16949:2016 certification with Lloyd's Register demonstrates your commitment to compliance and best practice to your most important stakeholders. Managing global supply chains effectively and developing more sustainable operations are also areas where our sector-specific expertise can help you reduce risks and improve performance.